Bypass Auth - AI Cookie Checker

A sophisticated automation tool designed to validate Netscape-formatted cookies using undetected-chromedriver and OpenAI's GPT-4o Vision.

Category

May 15, 2024

School Project

Services

Python

Client

N/A

Year

2025

ByPassAuth is essentially an “AI stealth cookie session tester.” It’s built to take a Netscape-format cookie file, try those cookies on a list of websites in a stealth Chrome session, and then use GPT-4o vision to decide whether the page looks like you’re logged in (YES) or not logged in (NO).

Here’s what it does, step by step, in plain English:

What it’s for

  • You give it a cookies .txt file (Netscape format) and a comma-separated list of sites.

  • It opens each site in an “undetected” Chrome browser (tries to look less like automation).

  • It injects any cookies from your file that match the site’s current domain.

  • It refreshes the page and takes a screenshot.

  • It sends that screenshot to OpenAI (GPT-4o) and asks: “Is the user logged in?”

  • It sorts the result into valid (looks logged in) or invalid (looks logged out), saving screenshots as proof.

The main pieces of the script

1) Stealth browser automation

  • Uses undetected_chromedriver to launch Chrome with automation signals reduced (e.g., disabling AutomationControlled).

  • Requires a local chromedriver.exe in the same folder, and it must match your installed Chrome version.

2) Cookie file parsing (Netscape format)

parse_netscape_cookies() reads the cookie file line-by-line and converts it into dictionaries like:

  • domain, path, secure flag, expiry, name, value

3) Cookie injection (domain-aware)

add_cookies_to_driver():

  • Looks at the browser’s actual current URL after redirects.

  • Only injects cookies whose cookie-domain matches the site domain (e.g., .google.com should apply on mail.google.com).

  • This is specifically meant to handle situations like gmail.com redirecting to accounts.google.com.
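The parsing and domain matching described in sections 2 and 3, as an added example that is not the project's own code. Only the name parse_netscape_cookies comes from the page; the function bodies, the other function names, the expiry filter and the example.com sample rows are assumptions. It shows the edge cases a cookies.txt reader has to get right: the `#HttpOnly_` prefix, the include-subdomains flag, and suffix matches that must fall on a label boundary.

```python
import time

# Constructed sample file; hosts and values are placeholders, not real data.
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    ".example.com\tTRUE\t/\tTRUE\t4102444800\tsid\tconstructed-1\n"
    "#HttpOnly_accounts.example.com\tFALSE\t/\tTRUE\t0\tauth\tconstructed-2\n"
    ".example.com\tTRUE\t/\tFALSE\t946684800\told\tconstructed-3\n"
    "malformed row without tabs\n"
)

def parse_netscape_cookies(text):
    """Parse cookies.txt content (7 tab-separated fields per row) into dicts."""
    cookies = []
    for line in text.splitlines():
        http_only = line.startswith("#HttpOnly_")  # curl/browser export marker
        if http_only:
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # malformed row: skip rather than guess at fields
        domain, subdomains, path, secure, expiry, name, value = fields
        cookies.append({
            "domain": domain.lower(), "path": path, "name": name, "value": value,
            "host_only": subdomains.upper() != "TRUE",
            "secure": secure.upper() == "TRUE",
            "http_only": http_only,
            "expiry": int(expiry) if expiry.isdigit() else 0,  # 0 = session cookie
        })
    return cookies

def domain_matches(cookie, host):
    """RFC 6265 domain-match; suffix matches must fall on a label boundary."""
    domain, host = cookie["domain"].lstrip("."), host.lower()
    if host == domain:
        return True
    return not cookie["host_only"] and host.endswith("." + domain)

def cookies_for_host(cookies, host, now=None):
    """Return unexpired cookies whose domain applies to host."""
    now = time.time() if now is None else now
    return [c for c in cookies if domain_matches(c, host)
            and (c["expiry"] == 0 or c["expiry"] > now)]
```

A plain `endswith` on the cookie domain without the leading dot would treat evilexample.com as matching example.com, which is why the comparison prepends the dot.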

4) Screenshot → AI decision (logged in or not)

analyze_login_status():

  • Takes the screenshot, base64-encodes it, sends it to the OpenAI Chat Completions API.

  • The prompt forces a strict YES/NO based on visible UI clues like:

    • profile avatar

    • sign out button

    • dashboard pages

    • vs. login/sign-in pages

5) Output organization

It creates a timestamped folder like:

  • Scan_Results_YYYY-MM-DD_HH-MM-SS/

    • valid/

    • invalid/

For each site:

  • Saves the screenshot in valid or invalid.

  • If valid, it also copies the original cookie file into the valid folder renamed per site.